Cointime


Security

El Salvador's official Bitcoin wallet refutes rumors it was hacked

El Salvador's official cryptocurrency wallet, Chivo Wallet, denies reports that its source code and KYC-related data on over 5 million users have been hacked. The wallet's management department clarified that its data security has not been compromised and that the leaked data did not come from its systems.

In addition, Chivo stated that the only leaked files came from a Chivo ATM machine stolen on March 21, 2023. These files contained information strictly related to the operation of the ATM machine and did not include any personal user data. (Finance Feeds)

Earlier in April, hackers claimed that personal information of over 5 million Salvadorans had been leaked since last Saturday, making it the most serious data security incident in the country's history. The stolen information includes names, birthdays, phone numbers, addresses, and even high-definition watermark-free avatars. This leak involves the vast majority of Salvadoran adults. The leaked data has been circulating on the dark web since August for $250, but the hackers reportedly did not receive a ransom and decided to release the data for free.

YIEDL: Hackers hacked the new Y-Bull vault on BSC, worth about $300,000

YIEDL has released an update on the hacker attack on the X platform. YIEDL stated that:

a. The hacker attacked the new Y-Bull gold vault on BSC, worth about $300,000;

b. All SCs have undergone extensive third-party auditing and testing before release, but the attacker exploited a vulnerability in the BSC-integrated SC, which allowed redemption of small amounts of funds. This has been done multiple times through custom malicious SCs. Unfortunately, this vulnerability was not discovered during the auditing phase;

c. We are tracking the flow of stolen funds to the destination wallet and are looking for partial/full recovery solutions;

d. The incident has been reported to the Singapore authorities;

e. One of the attacker's wallets received funds from an address starting with 0x975d9B, and multiple security teams have emphasized to us that this address belongs to the ChangeNow cryptocurrency exchange. We have contacted them to obtain detailed information about the attacker.

Yesterday, according to PeckShield monitoring, YIEDL (an AI-driven Vaults project) was attacked, resulting in a loss of about $160,000.

Alliance of 314: The X314 contract is suspected to have a hidden additional issuance switch, developers should pay attention to verification

Alliance of 314 issued a statement claiming that the contract of a certain 314 project has not been open-sourced on the blockchain. As for whether other platforms have open-sourced their contracts, there is a misconception that open-sourcing on other platforms is self-submitted and does not necessarily mean that the contract is deployed on the chain, so there may be unknown hidden issuance. Additionally, the said 314 project announced that it will soon launch a trading platform, and the first requirement for logging into a centralized exchange is to open-source the contract. Open-sourcing is the first thing that any project should do to ensure investor confidence. Referring to the open-sourcing of the 0.1, 0.5, and 0.9 versions before, it can be concluded that there is hidden code in the X314 contract, and therefore it cannot be open-sourced out of fear. The biggest risk warning: after decompiling and querying ethervm, it is highly suspected that a certain 314 has a hidden issuance switch to increase mining pool output and arbitrage. The field is as follows: 0x40c10f19 mint(address,uint256). The risk alert level for this switch is the highest level, and generally, ordinary developers do not set this switch.
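The selector check described in the statement can be repeated on the runtime bytecode of any unverified contract. The following is an added example, not code from the Alliance of 314 statement: the function names are hypothetical and both bytecode strings are constructed samples. It walks the opcodes so that selector bytes sitting inside the operand of another PUSH are not counted.

```python
# Added example: list PUSH4 operands (candidate function selectors) in EVM
# runtime bytecode and flag the selector named in the statement above.
MINT_SELECTOR = bytes.fromhex("40c10f19")  # mint(address,uint256), as quoted

PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F


def push4_immediates(code: bytes) -> list[bytes]:
    """Walk the bytecode opcode by opcode and return every PUSH4 operand."""
    found, i = [], 0
    while i < len(code):
        op = code[i]
        if PUSH1 <= op <= PUSH32:
            size = op - PUSH1 + 1              # PUSHn carries n operand bytes
            operand = code[i + 1 : i + 1 + size]
            if op == PUSH4 and len(operand) == 4:
                found.append(operand)
            i += 1 + size                      # skip operand, never decode it
        else:
            i += 1
    return found


def has_mint_selector(code_hex: str) -> bool:
    """True if the mint selector appears as a real PUSH4 operand."""
    code = bytes.fromhex(code_hex.removeprefix("0x"))
    return MINT_SELECTOR in push4_immediates(code)


# Constructed sample: dispatcher comparing calldata against two selectors,
# transfer(address,uint256) = a9059cbb and mint(address,uint256) = 40c10f19.
WITH_MINT = ("0x" "600035" "60e01c"
             "80" "63a9059cbb" "14" "610030" "57"
             "80" "6340c10f19" "14" "610040" "57" "00")

# Constructed sample: the same five bytes occur only inside a PUSH32 operand,
# so a plain substring search would report a false positive.
DECOY = "0x" "7f" + "00" * 27 + "6340c10f19" + "50" "00"

if __name__ == "__main__":
    for name, sample in (("WITH_MINT", WITH_MINT), ("DECOY", DECOY)):
        print(name, "mint selector in dispatcher:", has_mint_selector(sample))
```

A match shows only that the code compares against this selector; who is allowed to call the function still has to be read from the decompiled body.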

A phisher exchanged 1,692 ETH for $5.5 million

Over the past two months, countless users have become victims of fraud, losing their digital assets. All of the stolen assets were exchanged for ETH. Recently, a phishing attacker exchanged 1,692 ETH for $5.5 million and transferred it to a certain address.

ZKasino investors set up a legal task force to sue ZKasino co-founders

Investors have created a Telegram group called "ZKasino Legal Special Working Group" to sue the co-founder of ZKasino, who is suspected of embezzling nearly $33 million worth of Ethereum from users and disappearing after exchanging it for the platform's native tokens. The controversy began on March 23 when Kedar Iyer, founder of ZigZag Exchange, published an article on X platform stating that ZKasino co-founder Monke used ZigZag's funds to launch ZKasino.

In an article on April 23, BlackDragon revealed that they had planned to invest in ZKasino. However, BlackDragon's due diligence team stated that the investment did not go through due to poor responses from ZKasino team members when asked to disclose their identities. Additionally, user Cygaar pointed out that ZKasino's blockchain technology does not match its advertising and is only a quick build version based on Arbitrum Nitro.

Currently, it is still unclear whether ZKAS tokens have been distributed, and investors who purchased ZKAS during the presale have not yet received their tokens. (Crypto Briefing)

Hacker group releases part of the source code of Chivo, a bitcoin wallet in El Salvador

According to Cointelegraph, a hacker group called CiberInteligenciaSV released some source code on the hacker crime forum BreachForums on April 23. The hacker group claimed that the source code released this time is related to the ATMs of El Salvador's Chivo Bitcoin wallet.

Asymmetry Research: The Cosmos ecosystem vulnerability that put $150 million in funds at risk has been resolved

Asymmetry Research, a security company that contributed to the Wormhole interoperability protocol, disclosed that vulnerabilities in the Cosmos blockchain ecosystem could pose a risk of over $150 million. Asymmetry Research has reportedly privately disclosed the vulnerability (a "re-entry vulnerability") to the Cosmos development team and stated that it has been resolved before being exploited.

Magpie: A vulnerability was found in the contract, and users are advised to cancel authorization as soon as possible

Cross-chain infrastructure Magpie Protocol published an article stating that there is a vulnerability in the contract and urging users who have authorized its contract and still hold funds in their wallets to cancel the relevant contract authorization on each chain as soon as possible.

SlowMist reveals a new scam: maliciously modifying RPC node links to defraud assets

The SlowMist security team has exposed a new type of cryptocurrency scam that abuses a modified remote procedure call (RPC) endpoint for Ethereum nodes. The process is as follows: the scammer induces the user to download the imToken wallet and gains the user's trust by using 1 USDT and a small amount of ETH as bait. Then, the scammer guides the user to change the wallet's ETH RPC URL to a node controlled by the scammer. The node uses Tenderly's fork function to falsify the user's USDT balance. When the user sees the incorrect balance, they may attempt a transfer, but the scammer has already disappeared. According to SlowMist Technology's report, this type of scam exploits users' trust and negligence, resulting in asset losses. The SlowMist security team reminds users to remain vigilant when trading and to avoid using untrusted RPC nodes.

A certain address lost 82.5 ETH due to copying the wrong address

According to ScamSniffer monitoring, 23 minutes ago, a victim lost 82.5 ETH (258,618 USD) because they copied the wrong address from a contaminated transfer record.